Kyrgyzstan: Bishkek Snoops Relying on Russian Spyware

Few in Kyrgyzstan would be surprised to learn someone in the government is listening to their phone calls. Government prying is a widely acknowledged legacy of the Soviet era. Among rights activists, however, the concern is more technical: who, exactly, is listening?

As many as 11 state agencies have the legal right to listen in on Kyrgyzstanis’ phone and Internet communications, according to a 2011 report by the Civil Initiative on Internet Policy (CIIP), a Bishkek-based watchdog and training organization. CIIP Director Tattu Mambetalieva, among others, believes only one state agency should have the legal right, along with control of the necessary equipment, to eavesdrop.

Back in 2008, under then-president Kurmanbek Bakiyev, the State Committee on National Security, the KGB-successor agency now known as the GKNB, “began to install special equipment to monitor all incoming and outgoing [phone and Internet] traffic. When we asked them under what legal act [they were installing the equipment], they were unable to provide documents," said Mambetalieva.

Today, the legal uncertainties have been compounded by a diffusion of responsibility. Agencies as diverse as the Defense Ministry, Customs Service, and Border Service have access to Russian-made surveillance equipment called the System for Operative Investigative Activities, also known by its Russian-language acronym, SORM. Wired Magazine reported recently that SORM was developed in the 1980’s and 1990’s by the Soviet KGB.

The agencies with access to SORM technology are able to monitor and record all of Kyrgyzstan’s Internet traffic and, according to CIIP research, all mobile and landline phone calls. Though few believe Kyrgyzstan’s cash-strapped government has the resources to sift through extensive communications records, activists like Mambetalieva have another concern. She doesn’t believe Russia sold this equipment “without retaining a key."

Moscow wields enormous influence over Kyrgyz politics, and is widely credited for helping bring about Bakiyev’s ouster in early 2010. If the Kremlin has access to the phone calls and Internet communications of Kyrgyz political leaders, for instance, its influence could be even greater.

Artem Goryainov, director of IT programs at CIIP, is concerned about the path that communications take when traveling, for example, from a mobile phone operator (where the GKNB has installed SORM equipment) to one of the many security agencies with access to SORM. He’s skeptical the Kyrgyz authorities know where the information is going, too.
"If there are any holes … that information can go somewhere else, and there is a possibility it [SORM] could be controlled externally,” Goryainov said.

Put more simply, Kyrgyz authorities have not properly ensured their bugging equipment doesn't have any bugs of its own, says Anton Kirsanov, an information security consultant in Bishkek. "There may be several keys that allow remote access to the system. If no one has thoroughly studied the code and no one knows how the system works, then, consequently, such bookmarks [remote backdoors] can exist for years," Kirsanov said.

While the idea that Moscow is eavesdropping on Kyrgyzstan’s leadership may frighten some, there’s no hard evidence. And little could be done besides shutting the whole thing down, an unlikely prospect.

Dastan Bekeshev, a relatively progressive MP with the Ar-Namys party, agrees that SORM needs to be controlled, but he’s an avid supporter of the system in general. Asking if SORM is necessary “is like asking whether we need to fight criminals or not. SORM is, in fact, a necessary system,” he told EurasiaNet.org.

Activists are presently focusing on legislation at home, trying to find out who in Kyrgyzstan is using the equipment. When, shortly after Bakiyev’s ouster, a series of secretly recorded conversations between some of the new leaders surfaced online -- conversations that appeared to implicate several in corruption scandals -- no one knew who was playing what tricks on whom. Was it the Russians, some asked? The Bakiyevs? The bickering opposition leaders who had abruptly come to power?

With CIIP’s advice, lawmakers are preparing a bill that would mandate only one agency (not named, but mostly likely the GKNB) to manage SORM, and only use it with a court order on a case-by-case basis. The Cabinet of Ministers is also considering a regulation that would require the GKNB to win the consent of all government agencies with access to the equipment before it can take control. An earlier bill that would have helped regulate SORM stalled amid Kyrgyzstan’s 2010 political chaos.

A GKNB spokesman could not be reached for comment on November 7, though state agency representatives have publicly expressed support for regulating the use of SORM and have insisted the technology helps prevent crime and terrorist attacks.

One potential sticking point for reform efforts is accountability and the role of the courts in authorizing wiretaps. Under the current law, most – but not all – wiretaps must be sanctioned by a court before they are set up. Yet Kyrgyzstan’s courts have a reputation for lacking independence and for having a pro-prosecution bias inherited from the Soviet past. These factors might make it relatively easy for, say, a senior security official to pressure a relatively mid-level court into quietly and quickly (or even ex post facto) approving a wiretap, local observers say.

Until the courts, the prosecutors, and the GKNB have undergone systemic reform, with provisions established for transparent checks and balances, no one should have access to technology as powerful as SORM, argues Dinara Oshurahunova, the respected head of the Coalition for Democracy and Civil Society.

Kyrgyzstan’s courts are incapable of ensuring the GKNB becomes accountable, Oshurahunova says. She argues that SORM is simply a way for some powerful figures to break laws, not to uphold them: “SORM is used as an instrument of political pressure and must be shut down,” she said.